US20080005789A1 - Information processing system, recording medium storing control program, and computer data signal embodied in a carrier wave - Google Patents

Information processing system, recording medium storing control program, and computer data signal embodied in a carrier wave Download PDF

Info

Publication number
US20080005789A1
US20080005789A1 US11/603,835 US60383506A US2008005789A1 US 20080005789 A1 US20080005789 A1 US 20080005789A1 US 60383506 A US60383506 A US 60383506A US 2008005789 A1 US2008005789 A1 US 2008005789A1
Authority
US
United States
Prior art keywords
authentication
information
user
proxy
section
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US11/603,835
Other versions
US8176538B2 (en
Inventor
Kenichiro Kigo
Hisashi Nakatsuyama
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujifilm Business Innovation Corp
Original Assignee
Fuji Xerox Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fuji Xerox Co Ltd filed Critical Fuji Xerox Co Ltd
Assigned to FUJI XEROX CO., LTD. reassignment FUJI XEROX CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KIGO, KENICHIRO, NAKATSUYAMA, HISACHI
Publication of US20080005789A1 publication Critical patent/US20080005789A1/en
Application granted granted Critical
Publication of US8176538B2 publication Critical patent/US8176538B2/en
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to an information processing system, a recording medium storing a control program, and a computer data signal embodied in a carrier wave.
  • a proxy server which carries out connection to an external network as a proxy of a computer on an internal network is provided at the boundary between the internal network and the external network (for example, the Internet) in order to enhance the security.
  • This proxy server is intended to utilize a server on the external network from the internal network, and in sometimes, is particularly called a forward proxy.
  • a reverse proxy relays a connection from the external network to the internal network as opposed to the forward proxy relaying connection from the internal network to the external network.
  • the application for the reverse proxy is not limited to connection from the external network to the internal network, but it is not unusual that the reverse proxy is used in the same network.
  • a first aspect of the present invention provides an information processing system, which includes: an information distribution server; a client apparatus; and a plurality of service providing servers that provide service to a user of the client apparatus, and the information distribution server including: a user authentication information memory that stores user authentication information; a receiving section that receives authentication information from the plurality of service providing servers; and an authentication proxy information distributing section that distributes authentication proxy information prepared based on the user authentication information and the authentication information, and the client apparatus including: a user authentication section that carries out authentication of the user, and an authentication proxy section that, if the authentication is carried out by the user authentication section, executes a proxy authentication when the user accesses at least one of the plurality of service providing servers on the basis of the distributed authentication proxy information.
  • FIG. 1 is a chart illustrating one example of an entire configuration of an information processing system pertaining to the present invention
  • FIG. 2 is a chart illustrating a part of a functional configuration of the information processing system as shown in FIG. 1 ;
  • FIG. 3 is a chart illustrating one example of authentication proxy information as shown in FIG. 2 ;
  • FIG. 4 is a sequence chart indicating a flow of a first processing in the information processing system as shown in FIG. 1 and FIG. 2 ;
  • FIG. 5 is a sequence chart indicating a flow of a second processing in the information processing system as shown in FIG. 1 and FIG. 2 .
  • FIG. 1 is a chart illustrating one example of an overall configuration of the information processing system pertaining to the present invention.
  • one or more than one client terminals 10 , an auditing server 20 , an SSO information distribution server 30 , and one or more than one service providing servers 40 are connected to one another through a network 50 constituted by a LAN (Local Area Network), a WAN (Wide Area Network), and the like.
  • a network 50 constituted by a LAN (Local Area Network), a WAN (Wide Area Network), and the like.
  • an SSO scheme is realized under control of an SSO program (hereinafter referred to as C-SSO) by a transparent type proxy disposed in the client terminal 10 .
  • this C-SSO 12 carries out the proxy authentication for the respective service providing servers 40 , whereby thereafter, if the user accesses any of the service providing servers 40 which participate in the SSO scheme, the user will not be requested of authentication.
  • the network configuration in this information processing system is only one example, and on the network 50 , various other network terminals, such as an application server, a Web server, and the like, may be connected.
  • a C-SSO install program 31 for installing the C-SSO 12 in the client terminal 10 is stored, and by this program 31 , the C-SSO 12 is installed in the client terminal 10 .
  • this C-SSO 12 executes authentication to a service providing server 40 as a proxy, thus the C-SSO 12 needs to hold authentication information for carrying out authentication to the service providing server 40 . Therefore, the SSO information distribution server 30 receives authentication information to log in to a particular service providing server 40 from the service providing server 40 , and further distributes this authentication information to the client terminal 10 where the C-SSO 12 is installed.
  • a Web browser 11 for reading the HTML contents, and the like is provided as an application, and by using this Web browser 11 , data communication with the service providing server 40 , or the like, is realized.
  • data communication with the service providing server 40 or the like, is carried out through the Web browser 11 described as an example, however, in such communication, the Web browser 11 need not always be used, and any other software may be used instead, provided that it utilizes the http request.
  • the access is carried out via the C-SSO 12 .
  • the C-SSO 12 intercepts the request from the Web browser 11 .
  • the auditing server 20 receives the access recording, and the like, on this client terminal 10 as an auditing log 21 , and stores it.
  • sending the auditing log 21 to this auditing server 20 acquiring and sending of the auditing log 21 is carried out by the C-SSO 12 .
  • the service providing server 40 stores various types of information, such as HTML contents, images, and the like, and resources, such as Web applications, and the like, and provides such information, or the like, responding to the http request from the client terminal 10 through the Web browser 11 .
  • This service providing server 40 stores static contents (for example, HTML contents, or the like) and dynamic contents (Web applications, or the like), and includes functions of both the Web server and the application server, however, this is only one example, and the server may include either one of the functions.
  • the operation carried out when the client terminal 10 participates in the SSO scheme will be briefly described.
  • the authentication information for logging in to this service providing server 40 is periodically sent from the service providing server 40 to the SSO information distribution server 30 . This periodical sending may occur every time a certain time or period elapses, for example, or every time an alteration of the authentication information is given.
  • the request from the client terminal 10 is redirected to the SSO information distribution server 30 .
  • the SSO information distribution server 30 By this redirection, installation of the C-SSO 12 from the SSO information distribution server 30 to the client terminal 10 is requested.
  • the C-SSO 12 may be previously installed by the user getting access to the install page.
  • the SSO information distribution server 30 sends the encoded authentication proxy information and the auditing policy to the client terminal 10 .
  • the C-SSO 12 intercepts this request to execute authentication as a proxy for the service providing server 40 .
  • the processing in accordance with the user's request is carried out in the service providing server 40 .
  • the contents of such processing carried out on the client terminal 10 is sent to the auditing server 20 on the basis of the auditing policy.
  • FIG. 2 a part of the functional configuration of the information processing system as shown in FIG. 1 will be described.
  • the same components as those given in FIG. 1 is provided with the same numerals and signs.
  • the service providing server 40 is configured to include, as a various processing function section, an authentication information sending section 41 which provides the function of sending authentication information for logging in to its own terminal to the SSO information distribution server 30 , and an authentication section 42 which provides the function of carrying out the authentication determination about whether the logging in to its own terminal is to be enabled or not.
  • the authentication information sent from this authentication information sending section 41 is sent, being encoded from the viewpoint of security.
  • the SSO information distribution server 30 is configured to include, as a various processing function section, a C-SSO install program, an SSO information distributing section 32 , a user authentication information memory 33 , and an authentication information receiving section 34 .
  • the authentication information receiving section 34 provides the function of receiving the authentication information from the service providing server 40
  • the user authentication information memory 33 provides the function of storing the user authentication information.
  • the SSO information distributing section 32 provides the function of preparing authentication proxy information according to the request from the client terminal 10 on the basis of the authentication information received from the service providing server 40 and the user authentication information stored in the user authentication information memory 33 , and distributing it to the client terminal 10 .
  • the SSO information distributing section 32 distributes the auditing policy, besides this authentication proxy information, to the client terminal 10 according to the request from the client terminal 10 .
  • the authentication proxy information and the auditing policy are encoded in the same manner as in sending the authentication information from the service providing server 40 to the SSO information distribution server 30 .
  • the management and transportation methods for the key to be used in encoding and decoding, and what encoding method is adopted is no critical problem, and any method may be used, provided that the security can be maintained.
  • the C-SSO 12 is configured to include, as a various processing function section, a user authentication section 61 , a request acquiring section 62 , an SSO information acquiring section 63 , an authentication proxy section 64 , and a log output section 65 .
  • the user authentication section 61 provides the function of carrying out authentication for logging in to the C-SSO 12 .
  • the user is required to carry out user authentication between this user authentication section 61 and the user to log in to the C-SSO 12 .
  • the user authentication in the user authentication section 61 is carried out on the basis of the user authentication information stored in the user authentication information memory 33 .
  • the request acquiring section 62 provides the function of intercepting and acquiring a request from the Web browser 11 and a response to the Web browser 11 for that request. In other words, a particular request from the Web browser 11 and the response therefor are always passed through the C-SSO 12 .
  • the SSO information acquiring section 63 acquires information distributed from the SSO information distributing section 32 of the SSO information distribution server 30 . Specifically, the SSO information acquiring section 63 requests the SSO information distribution server 30 to distribute the information required in participating in the SSO scheme, such as the authentication proxy information 64 a , the auditing policy 65 a , and the like, and acquires the information distributed according to that request to pass it to the authentication proxy section 64 and the log output section 65 .
  • the SSO information acquiring section 63 requests the SSO information distribution server 30 to distribute the information required in participating in the SSO scheme, such as the authentication proxy information 64 a , the auditing policy 65 a , and the like, and acquires the information distributed according to that request to pass it to the authentication proxy section 64 and the log output section 65 .
  • the authentication proxy section 64 provides the function of using the authentication proxy information 64 a for carrying out authentication to the respective service providing servers 40 in place of the user.
  • This authentication proxy information 64 a is as shown in FIG. 3 , for example. This authentication in the authentication proxy section 64 is carried out without the user being caused to be aware thereof.
  • the log output section 65 provides the function of outputting a log indicating various processing contents on the basis of the auditing policy 65 a to the auditing server 20 .
  • the auditing policy 65 a provides the rules which mean at what timing the log is to be outputted, what log is to be collected, and the like.
  • the auditing policy 65 a is stored, being encoded, or otherwise protected, such that the user cannot easily alter it.
  • the auditing policy 65 a is downloaded from the SSO information distribution server 30 at the time of installation of the C-SSO 12 , distribution of authentication proxy information, or the like.
  • the C-SSO 12 is realized as a transparent type proxy.
  • the authentication information is sent, and the authentication information receiving section 34 of the SSO information distribution server 30 receives it (in step S 101 ).
  • the user accesses the SSO information distribution server 30 from the client terminal 10 , using the Web browser 11 (in step S 102 ), then the SSO information distribution server 30 references the Cookie, or the like, to detect that the C-SSO is not yet installed in the client terminal 10 , requesting the user to implement the C-SSO install program 31 (in step S 103 ).
  • the SSO information distribution server 30 references the Cookie, or the like, to detect that the C-SSO is not yet installed in the client terminal 10 , requesting the user to implement the C-SSO install program 31 (in step S 103 ).
  • step S 104 When the user approves installation, the installation of the C-SSO 12 into the client terminal 10 is started (in step S 104 ).
  • the information including the authentication proxy information 64 a and the auditing policy 65 a is sent, being encoded, from the SSO information distributing section 32 of the SSO information distribution server 30 to the C-SSO 12 on the request from the SSO information acquiring section 63 of the C-SSO 12 (in step S 105 ).
  • the C-SSO 12 acquires this with the SSO information acquiring section 63 , and passes the authentication proxy information 64 a to the authentication proxy section 64 , and the auditing policy 65 a to the log output section 65 (in step S 106 ).
  • the C-SSO 12 intercepts this request with the request acquiring section 62 . If, at this time, the logging in to the C-SSO 12 is not completed, the user authentication section 61 displays a popup, or otherwise operates, to request the user to log in to the C-SSO 12 (in step S 108 ).
  • the user inputs the user authentication information, such as an account, a password, and the like, (in step S 109 ), and directs implementation of the user authentication.
  • the authentication is successfully carried out (in step S 110 )
  • the logging in to the C-SSO 12 is achieved.
  • the C-SSO 12 detects that the authentication to the service providing server 40 is not yet completed, the C-SSO 12 carries out authentication proxy to the respective service providing servers 40 in place of the user (in step S 111 ).
  • This authentication is implemented with the authentication proxy information 64 a being sent from the authentication proxy section 64 of the C-SSO 12 to the authentication section 42 of the service providing server 40 .
  • step S 112 When the authentication proxy is successfully carried out (in step S 112 ), the request acquiring section 62 , which has received this, relays the request from the Web browser 11 in step S 107 (in step S 113 ).
  • step S 114 When the service providing server 40 gives a response for this request (in step S 114 ), the request acquiring section 62 of the C-SSO 12 relays this (in step S 115 ) to return it to the Web browser 11 .
  • step S 116 the HTML contents or the like corresponding to the request in step S 107 is displayed (in step S 116 ).
  • the log output section 65 of the C-SSO 12 collects the log at the time when or after the request is received from the Web browser 11 , and outputs it to the auditing server 20 .
  • the C-SSO 12 intercepts this request in the request acquiring section 62 . If, at this time, the logging in to the C-SSO 12 is not completed, the user authentication section 61 displays a popup, or otherwise operates, to request the user to log in to the C-SSO 12 (in step S 202 ).
  • the user inputs the user authentication information, such as the account, the password, and the like, (in step S 203 ), and directs implementation of the user authentication.
  • the authentication is successfully carried out (in step S 204 )
  • the logging in to the C-SSO 12 is achieved.
  • the C-SSO 12 detects that the authentication to the service providing server 40 is not yet completed, the C-SSO 12 carries out authentication proxy to the respective service providing servers 40 in place of the user (in step S 205 ).
  • This authentication is implemented with the authentication proxy information 64 a being sent from the authentication proxy section 64 of the C-SSO 12 to the authentication section 42 of the service providing server 40 .
  • step S 206 When the authentication proxy is successfully carried out (in step S 206 ), the request acquiring section 62 , which has received this, relays the request from the Web browser 11 in step S 201 (in step S 207 ).
  • step S 208 When the service providing server 40 gives a response for this request (in step S 208 ), the request acquiring section 62 of the C-SSO 12 relays this (in step S 209 ) to return it to the Web browser 11 .
  • step S 210 the HTML contents, or the like, corresponding to the request in step S 201 is displayed (in step S 210 ).
  • the log output section 65 of the C-SSO 12 collects the log at the time when and after the request is received from the Web browser 11 , and outputs the log to the auditing server 20 .
  • selection of validation/invalidation of the SSO function, and distribution of the authentication proxy information, the auditing policy, and the like, by the SSO information distribution server 30 may be carried out, utilizing an external recording medium, such as a USB (Universal Serial Bus) key.
  • an external recording medium such as a USB (Universal Serial Bus) key.
  • control program can be provided not only by the communication section, such as the network, or the like, but also can be provided, being stored in a recording medium, such as a CD-ROM, or the like.
  • the information processing system and the control program of the present invention is applicable to any information processing system with which, once the user receives authentication at first, the user can utilize all the functions which have been enabled with that authentication, and to any control program which causes a computer to implement this processing.

Abstract

An information processing system, which includes: an information distribution server; a client apparatus; and a plurality of service providing servers that provide service to a user of the client apparatus, and the information distribution server including: a user authentication information memory that stores user authentication information; a receiving section that receives authentication information from the plurality of service providing servers; and an authentication proxy information distributing section that distributes authentication proxy information prepared based on the user authentication information and the authentication information, and the client apparatus including: a user authentication section that carries out authentication of the user, and an authentication proxy section that, if the authentication is carried out by the user authentication section, executes a proxy authentication when the user accesses at least one of the plurality of service providing servers on the basis of the distributed authentication proxy information.

Description

    BACKGROUND
  • 1. Technical Field
  • The present invention relates to an information processing system, a recording medium storing a control program, and a computer data signal embodied in a carrier wave.
  • 2. Related Art
  • An SSO (Single Sign-On) system with which, once the user receives authentication at first, the user can utilize all the functions which are enabled by that authentication has been proposed.
  • In a case where a network system is operated in schools, enterprises, and the like, a proxy server which carries out connection to an external network as a proxy of a computer on an internal network is provided at the boundary between the internal network and the external network (for example, the Internet) in order to enhance the security. This proxy server is intended to utilize a server on the external network from the internal network, and in sometimes, is particularly called a forward proxy.
  • Contrarily to this, a reverse proxy relays a connection from the external network to the internal network as opposed to the forward proxy relaying connection from the internal network to the external network. The application for the reverse proxy is not limited to connection from the external network to the internal network, but it is not unusual that the reverse proxy is used in the same network.
    • SUMMARY
  • A first aspect of the present invention provides an information processing system, which includes: an information distribution server; a client apparatus; and a plurality of service providing servers that provide service to a user of the client apparatus, and the information distribution server including: a user authentication information memory that stores user authentication information; a receiving section that receives authentication information from the plurality of service providing servers; and an authentication proxy information distributing section that distributes authentication proxy information prepared based on the user authentication information and the authentication information, and the client apparatus including: a user authentication section that carries out authentication of the user, and an authentication proxy section that, if the authentication is carried out by the user authentication section, executes a proxy authentication when the user accesses at least one of the plurality of service providing servers on the basis of the distributed authentication proxy information.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • An exemplary embodiment of the present invention will be described in detail based on the following figures, wherein:
  • FIG. 1 is a chart illustrating one example of an entire configuration of an information processing system pertaining to the present invention;
  • FIG. 2 is a chart illustrating a part of a functional configuration of the information processing system as shown in FIG. 1;
  • FIG. 3 is a chart illustrating one example of authentication proxy information as shown in FIG. 2;
  • FIG. 4 is a sequence chart indicating a flow of a first processing in the information processing system as shown in FIG. 1 and FIG. 2; and
  • FIG. 5 is a sequence chart indicating a flow of a second processing in the information processing system as shown in FIG. 1 and FIG. 2.
    •  DETAILED DESCRIPTION
  • Hereinbelow, an exemplary embodiment of an information processing system, a recording medium storing a control program, and a computer data signal embodied in a carrier wave pertaining to the present invention will be described in detail with reference to the attached drawings.
  • FIG. 1 is a chart illustrating one example of an overall configuration of the information processing system pertaining to the present invention.
  • In this information processing system, one or more than one client terminals 10, an auditing server 20, an SSO information distribution server 30, and one or more than one service providing servers 40 are connected to one another through a network 50 constituted by a LAN (Local Area Network), a WAN (Wide Area Network), and the like. In this information processing system, an SSO scheme is realized under control of an SSO program (hereinafter referred to as C-SSO) by a transparent type proxy disposed in the client terminal 10. In other words, once an authentication is validly carried out, this C-SSO 12 carries out the proxy authentication for the respective service providing servers 40, whereby thereafter, if the user accesses any of the service providing servers 40 which participate in the SSO scheme, the user will not be requested of authentication. The network configuration in this information processing system is only one example, and on the network 50, various other network terminals, such as an application server, a Web server, and the like, may be connected.
  • Herein, in the SSO information distribution server 30, a C-SSO install program 31 for installing the C-SSO 12 in the client terminal 10 is stored, and by this program 31, the C-SSO 12 is installed in the client terminal 10.
  • In addition, later described in detail, this C-SSO 12 executes authentication to a service providing server 40 as a proxy, thus the C-SSO 12 needs to hold authentication information for carrying out authentication to the service providing server 40. Therefore, the SSO information distribution server 30 receives authentication information to log in to a particular service providing server 40 from the service providing server 40, and further distributes this authentication information to the client terminal 10 where the C-SSO 12 is installed.
  • In the client terminal 10, a Web browser 11 for reading the HTML contents, and the like, is provided as an application, and by using this Web browser 11, data communication with the service providing server 40, or the like, is realized. In this exemplary embodiment, a case where data communication with the service providing server 40, or the like, is carried out through the Web browser 11 described as an example, however, in such communication, the Web browser 11 need not always be used, and any other software may be used instead, provided that it utilizes the http request.
  • In accessing the service providing server 40 with the Web browser 11, the access is carried out via the C-SSO 12. This is because the C-SSO 12 intercepts the request from the Web browser 11. In referring to the service providing server 40 from the Web browser 11, it seems to the user as if the user directly accesses the server, however, actually the access is carried out via this C-SSO 12. In addition, the auditing server 20 receives the access recording, and the like, on this client terminal 10 as an auditing log 21, and stores it. In sending the auditing log 21 to this auditing server 20, acquiring and sending of the auditing log 21 is carried out by the C-SSO 12.
  • The service providing server 40 stores various types of information, such as HTML contents, images, and the like, and resources, such as Web applications, and the like, and provides such information, or the like, responding to the http request from the client terminal 10 through the Web browser 11. This service providing server 40 stores static contents (for example, HTML contents, or the like) and dynamic contents (Web applications, or the like), and includes functions of both the Web server and the application server, however, this is only one example, and the server may include either one of the functions.
  • Herein, for easier description, the operation carried out when the client terminal 10 participates in the SSO scheme will be briefly described. When access from the client terminal 10 to a particular service providing server 40 is performed for the first time, it is required that the authentication be carried out first of all. Herein, the authentication information for logging in to this service providing server 40 is periodically sent from the service providing server 40 to the SSO information distribution server 30. This periodical sending may occur every time a certain time or period elapses, for example, or every time an alteration of the authentication information is given.
  • The request from the client terminal 10 is redirected to the SSO information distribution server 30. By this redirection, installation of the C-SSO 12 from the SSO information distribution server 30 to the client terminal 10 is requested. The C-SSO 12 may be previously installed by the user getting access to the install page.
  • When the user accepts this install request, and the C-SSO 12 is installed in the client terminal 10, the SSO information distribution server 30 sends the encoded authentication proxy information and the auditing policy to the client terminal 10.
  • When, after logging in to the C-SSO 12, the user uses the Web browser 11 for trying back to access the service providing server 40, the C-SSO 12 intercepts this request to execute authentication as a proxy for the service providing server 40. Herein, in a case where the authentication is successfully performed, the processing in accordance with the user's request is carried out in the service providing server 40. The contents of such processing carried out on the client terminal 10 is sent to the auditing server 20 on the basis of the auditing policy.
  • Next, with reference to FIG. 2, a part of the functional configuration of the information processing system as shown in FIG. 1 will be described. The same components as those given in FIG. 1 is provided with the same numerals and signs.
  • The service providing server 40 is configured to include, as a various processing function section, an authentication information sending section 41 which provides the function of sending authentication information for logging in to its own terminal to the SSO information distribution server 30, and an authentication section 42 which provides the function of carrying out the authentication determination about whether the logging in to its own terminal is to be enabled or not. The authentication information sent from this authentication information sending section 41 is sent, being encoded from the viewpoint of security.
  • The SSO information distribution server 30 is configured to include, as a various processing function section, a C-SSO install program, an SSO information distributing section 32, a user authentication information memory 33, and an authentication information receiving section 34.
  • The authentication information receiving section 34 provides the function of receiving the authentication information from the service providing server 40, and the user authentication information memory 33 provides the function of storing the user authentication information. The SSO information distributing section 32 provides the function of preparing authentication proxy information according to the request from the client terminal 10 on the basis of the authentication information received from the service providing server 40 and the user authentication information stored in the user authentication information memory 33, and distributing it to the client terminal 10. In addition, the SSO information distributing section 32 distributes the auditing policy, besides this authentication proxy information, to the client terminal 10 according to the request from the client terminal 10. In distributing the authentication proxy information and the auditing policy to the client terminal 10, these are encoded in the same manner as in sending the authentication information from the service providing server 40 to the SSO information distribution server 30. The management and transportation methods for the key to be used in encoding and decoding, and what encoding method is adopted is no critical problem, and any method may be used, provided that the security can be maintained.
  • In the client terminal 10, the Web browser 11, various programs 13, and the C-SSO 12 are installed, herein, the C-SSO 12 is configured to include, as a various processing function section, a user authentication section 61, a request acquiring section 62, an SSO information acquiring section 63, an authentication proxy section 64, and a log output section 65.
  • The user authentication section 61 provides the function of carrying out authentication for logging in to the C-SSO 12. In utilizing the SSO scheme, the user is required to carry out user authentication between this user authentication section 61 and the user to log in to the C-SSO 12. In the present exemplary embodiment, the user authentication in the user authentication section 61 is carried out on the basis of the user authentication information stored in the user authentication information memory 33.
  • The request acquiring section 62 provides the function of intercepting and acquiring a request from the Web browser 11 and a response to the Web browser 11 for that request. In other words, a particular request from the Web browser 11 and the response therefor are always passed through the C-SSO 12.
  • The SSO information acquiring section 63 acquires information distributed from the SSO information distributing section 32 of the SSO information distribution server 30. Specifically, the SSO information acquiring section 63 requests the SSO information distribution server 30 to distribute the information required in participating in the SSO scheme, such as the authentication proxy information 64 a, the auditing policy 65 a, and the like, and acquires the information distributed according to that request to pass it to the authentication proxy section 64 and the log output section 65.
  • The authentication proxy section 64 provides the function of using the authentication proxy information 64 a for carrying out authentication to the respective service providing servers 40 in place of the user. One example of this authentication proxy information 64 a is as shown in FIG. 3, for example. This authentication in the authentication proxy section 64 is carried out without the user being caused to be aware thereof.
  • The log output section 65 provides the function of outputting a log indicating various processing contents on the basis of the auditing policy 65 a to the auditing server 20. Herein, the auditing policy 65 a provides the rules which mean at what timing the log is to be outputted, what log is to be collected, and the like. By distributing this auditing policy 65 a to the C-SSO 12 installed from the SSO information distribution server 30 in the respective client terminals 10, the policy for the entire system can be easily rendered uniform. In addition, simply by rewriting the auditing policy 65 a, the contents of the auditing log which is collected can be easily altered. In this exemplary embodiment, description will be given on the assumption that the auditing policy 65 a prescribes that the log is to be collected at the time when a request is received from the Web browser 11, and after that request.
  • The auditing policy 65 a is stored, being encoded, or otherwise protected, such that the user cannot easily alter it. In addition, the auditing policy 65 a is downloaded from the SSO information distribution server 30 at the time of installation of the C-SSO 12, distribution of authentication proxy information, or the like. In operating this above-mentioned C-SSO 12 on the client terminal 10, there is no need for carrying out special setting with the Web browser 11, or the like. This is because the C-SSO 12 is realized as a transparent type proxy.
  • Next, with reference to FIG. 4, the flow of processing in the information processing system as shown in FIG. 1 and FIG. 2 will be described. Here, the flow of processing from the state in which the C-SSO 12 is not installed in the client terminal 10 will be described.
  • First, from the authentication information sending section 41 of the service providing server 40 to the SSO information distribution server 30, the authentication information is sent, and the authentication information receiving section 34 of the SSO information distribution server 30 receives it (in step S101).
  • Next, the user accesses the SSO information distribution server 30 from the client terminal 10, using the Web browser 11 (in step S102), then the SSO information distribution server 30 references the Cookie, or the like, to detect that the C-SSO is not yet installed in the client terminal 10, requesting the user to implement the C-SSO install program 31 (in step S103). By previously setting the system such that, even in case where, before the C-SSO 12 being installed, the user directly accesses the service providing server 40 from the client terminal 10, the user is redirected to the SSO information server 30, the user is requested to install the C-SSO 12 in the same manner as in the case where the user accesses the SSO information distribution server 30 at first.
  • When the user approves installation, the installation of the C-SSO 12 into the client terminal 10 is started (in step S104). Here, when the installation into the client terminal 10 is completed, the information including the authentication proxy information 64 a and the auditing policy 65 a is sent, being encoded, from the SSO information distributing section 32 of the SSO information distribution server 30 to the C-SSO 12 on the request from the SSO information acquiring section 63 of the C-SSO 12 (in step S105). The C-SSO 12 acquires this with the SSO information acquiring section 63, and passes the authentication proxy information 64 a to the authentication proxy section 64, and the auditing policy 65 a to the log output section 65 (in step S106).
  • When the installation of the C-SSO 12 is completed, and the user tries to access the service providing server 40, using the Web browser 11 (in step S107), the C-SSO 12 intercepts this request with the request acquiring section 62. If, at this time, the logging in to the C-SSO 12 is not completed, the user authentication section 61 displays a popup, or otherwise operates, to request the user to log in to the C-SSO 12 (in step S108).
  • The user inputs the user authentication information, such as an account, a password, and the like, (in step S109), and directs implementation of the user authentication. Here, when the authentication is successfully carried out (in step S110), the logging in to the C-SSO 12 is achieved.
  • Then, when the C-SSO 12 detects that the authentication to the service providing server 40 is not yet completed, the C-SSO 12 carries out authentication proxy to the respective service providing servers 40 in place of the user (in step S111). This authentication is implemented with the authentication proxy information 64 a being sent from the authentication proxy section 64 of the C-SSO 12 to the authentication section 42 of the service providing server 40.
  • When the authentication proxy is successfully carried out (in step S112), the request acquiring section 62, which has received this, relays the request from the Web browser 11 in step S107 (in step S113). When the service providing server 40 gives a response for this request (in step S114), the request acquiring section 62 of the C-SSO 12 relays this (in step S115) to return it to the Web browser 11. Thereby, on the screen of the Web browser 11, the HTML contents or the like corresponding to the request in step S107 is displayed (in step S116).
  • Although it is not shown in FIG. 4, on the basis of the auditing policy 65 a, the log output section 65 of the C-SSO 12 collects the log at the time when or after the request is received from the Web browser 11, and outputs it to the auditing server 20.
  • Next, with reference to FIG. 5, the flow of processing in the information processing system as shown in FIG. 1 and FIG. 2 will be described. Here, the flow of processing from the state in which the C-SSO 12 is already installed in the client terminal 10 will be described.
  • First, when the user tries to access the service providing server 40 from the client terminal 10, using the Web browser 11 (in step S201), the C-SSO 12 intercepts this request in the request acquiring section 62. If, at this time, the logging in to the C-SSO 12 is not completed, the user authentication section 61 displays a popup, or otherwise operates, to request the user to log in to the C-SSO 12 (in step S202).
  • The user inputs the user authentication information, such as the account, the password, and the like, (in step S203), and directs implementation of the user authentication. Here, when the authentication is successfully carried out (in step S204), the logging in to the C-SSO 12 is achieved.
  • Then, when the C-SSO 12 detects that the authentication to the service providing server 40 is not yet completed, the C-SSO 12 carries out authentication proxy to the respective service providing servers 40 in place of the user (in step S205). This authentication is implemented with the authentication proxy information 64 a being sent from the authentication proxy section 64 of the C-SSO 12 to the authentication section 42 of the service providing server 40.
  • When the authentication proxy is successfully carried out (in step S206), the request acquiring section 62, which has received this, relays the request from the Web browser 11 in step S201 (in step S207). When the service providing server 40 gives a response for this request (in step S208), the request acquiring section 62 of the C-SSO 12 relays this (in step S209) to return it to the Web browser 11. Thereby, on the screen of the Web browser 11, the HTML contents, or the like, corresponding to the request in step S201 is displayed (in step S210).
  • Although it is not shown in FIG. 5, on the basis of the auditing policy 65 a, the log output section 65 of the C-SSO 12 collects the log at the time when and after the request is received from the Web browser 11, and outputs the log to the auditing server 20.
  • Hereinabove, one example of the typical exemplary embodiment of the present invention has been described. However, the present invention is not limited to the exemplary embodiment as described above and illustrated in the charts, and may be modified within the scope and spirit of the claimed invention in exemplary embodiments.
  • For example, selection of validation/invalidation of the SSO function, and distribution of the authentication proxy information, the auditing policy, and the like, by the SSO information distribution server 30 may be carried out, utilizing an external recording medium, such as a USB (Universal Serial Bus) key.
  • In addition, in the above-described exemplary embodiment, the case where the processing is implemented by the information processing system pertaining to the present invention has been described. However, the system may be configured such that this processing is implemented by a control program installed in the computer. Such control program can be provided not only by the communication section, such as the network, or the like, but also can be provided, being stored in a recording medium, such as a CD-ROM, or the like.
  • The information processing system and the control program of the present invention is applicable to any information processing system with which, once the user receives authentication at first, the user can utilize all the functions which have been enabled with that authentication, and to any control program which causes a computer to implement this processing.
  • The foregoing description of the exemplary embodiment of the present invention has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations will be apparent to practitioners skilled in the art. The exemplary embodiment was chosen and described in order to best explain the principles of the invention and its practical applications, thereby enabling others skilled in the art to understand the invention for various embodiments and with the various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the following claims and their equivalents.

Claims (12)

1. An information processing system, comprising:
an information distribution server;
a client apparatus; and
a plurality of service providing servers that provide service to a user of the client apparatus, and
the information distribution server including:
a user authentication information memory that stores user authentication information;
a receiving section that receives authentication information from the plurality of service providing servers; and
an authentication proxy information distributing section that distributes authentication proxy information prepared based on the user authentication information and the authentication information, and
the client apparatus including:
a user authentication section that carries out authentication of the user, and
an authentication proxy section that, if the authentication is carried out by the user authentication section, executes a proxy authentication when the user accesses at least one of the plurality of service providing servers on the basis of the distributed authentication proxy information.
2. The information processing system of claim 1, wherein the client apparatus further comprises:
an auditing policy acquiring section that acquires an auditing policy from the information distribution server, and
a log output section that outputs an auditing log on the basis of the auditing policy acquired by the auditing policy acquiring section.
3. The information processing system of claim 1, wherein the authentication proxy section is a transparent type proxy.
4. The information processing system of claim 2, wherein the authentication proxy section is a transparent type proxy.
5. A computer readable recording medium storing a control program causing a computer to execute a process for carrying out proxy authentication when a plurality of service providing servers are accessed, the process comprising:
carrying out authentication with a user,
acquiring authentication proxy information for carrying out the authentication to the plurality of service providing servers, and
if the authentication with the user is carried out, executing proxy authentication when the user accesses at least one of the plurality of service providing servers on the basis of the acquired authentication proxy information.
6. The computer readable recording medium of claim 5, the process further comprising:
acquiring an auditing policy, and
outputting an auditing log on the basis of the acquired auditing policy.
7. The computer readable recording medium of claim 5, wherein the authentication of the user is carried out by a transparent type proxy.
8. The computer readable recording medium of claim 6, wherein the authentication of the user is carried out by a transparent type proxy.
9. A computer data signal embodied in a carrier wave for enabling a computer to perform a process for proxy authentication, the process comprising:
carrying out authentication with a user,
acquiring authentication proxy information for carrying out the authentication to the plurality of service providing servers, and
if the authentication with the user is carried out, executing proxy authentication when the user accesses at least one of the plurality of service providing servers on the basis of the acquired authentication proxy information.
10. The computer data signal of claim 9, the process further comprising:
acquiring an auditing policy, and
outputting an auditing log on the basis of the acquired auditing policy.
11. The computer data signal of claim 9, wherein the authentication of the user is carried out by a transparent type proxy.
12. The computer data signal of claim 10, wherein the authentication of the user is carried out by a transparent type proxy.
US11/603,835 2006-06-28 2006-11-24 Information processing system, recording medium storing control program, and computer data signal embodied in a carrier wave Expired - Fee Related US8176538B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006-178036 2006-06-28
JP2006178036A JP4882546B2 (en) 2006-06-28 2006-06-28 Information processing system and control program

Publications (2)

Publication Number Publication Date
US20080005789A1 true US20080005789A1 (en) 2008-01-03
US8176538B2 US8176538B2 (en) 2012-05-08

Family

ID=38878425

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/603,835 Expired - Fee Related US8176538B2 (en) 2006-06-28 2006-11-24 Information processing system, recording medium storing control program, and computer data signal embodied in a carrier wave

Country Status (3)

Country Link
US (1) US8176538B2 (en)
JP (1) JP4882546B2 (en)
CN (1) CN101098231B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080141341A1 (en) * 2006-12-07 2008-06-12 Ilja Vinogradov Security proxying for end-user applications
US20080141141A1 (en) * 2006-12-07 2008-06-12 Moore Dennis B Widget runtime engine for enterprise widgets
US20080141153A1 (en) * 2006-12-07 2008-06-12 Frederic Samson Cooperating widgets
US20080183902A1 (en) * 2007-01-31 2008-07-31 Nathaniel Cooper Content transform proxy
US20080215998A1 (en) * 2006-12-07 2008-09-04 Moore Dennis B Widget launcher and briefcase
US20110207433A1 (en) * 2010-02-24 2011-08-25 Fujifilm Corporation Web server constituting single sign-on system, method of controlling operation of same, and recording medium storing program for controlling operation of same
CN102469075A (en) * 2010-11-09 2012-05-23 中科正阳信息安全技术有限公司 Integration authentication method based on WEB single sign on
JP2014511511A (en) * 2010-11-22 2014-05-15 マイクロソフト コーポレーション Backend constraint delegation model
US20150319133A1 (en) * 2012-09-24 2015-11-05 Kt Corporation Method and device for managing identifier of euicc
US9734254B2 (en) * 2015-01-13 2017-08-15 Bank Of America Corporation Method and apparatus for automatic completion of an entry into an input field

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009157482A1 (en) * 2008-06-27 2009-12-30 エヌ・ティ・ティ・コミュニケーションズ株式会社 Communication terminal, authentication information generation device, authentication system, authentication information generation program, authentication information generation method and authentication method
JP5570610B2 (en) * 2009-11-05 2014-08-13 ヴイエムウェア インク Single sign-on for remote user sessions
US8402530B2 (en) * 2010-07-30 2013-03-19 Microsoft Corporation Dynamic load redistribution among distributed servers
KR20140035918A (en) * 2011-04-28 2014-03-24 인터디지탈 패튼 홀딩스, 인크 Sso framework for multiple sso technologies
JP5802337B2 (en) * 2011-09-30 2015-10-28 インテル・コーポレーション Out-of-band remote authentication
JP5670958B2 (en) * 2012-06-04 2015-02-18 Necプラットフォームズ株式会社 Relay device, relay method, and computer program
EP2973406B1 (en) 2013-03-14 2019-11-27 NIKE Innovate C.V. Athletic attribute determinations from image data
US10223926B2 (en) 2013-03-14 2019-03-05 Nike, Inc. Skateboard system
CN105850093B (en) * 2013-09-05 2020-02-07 耐克创新有限合伙公司 Event taking captured sports moving image data and uploading by verifiable token agent uploader

Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6263432B1 (en) * 1997-10-06 2001-07-17 Ncr Corporation Electronic ticketing, authentication and/or authorization security system for internet applications
US6298383B1 (en) * 1999-01-04 2001-10-02 Cisco Technology, Inc. Integration of authentication authorization and accounting service and proxy service
US20040128546A1 (en) * 2002-12-31 2004-07-01 International Business Machines Corporation Method and system for attribute exchange in a heterogeneous federated environment
US20050021956A1 (en) * 2003-07-01 2005-01-27 International Business Machines Corporation Method and system for a single-sign-on operation providing grid access and network access
US20050251855A1 (en) * 2004-05-04 2005-11-10 Hob Gmbh & Co. Kg Client-server-communication system
US20060005237A1 (en) * 2003-01-30 2006-01-05 Hiroshi Kobata Securing computer network communication using a proxy server
US20060048216A1 (en) * 2004-07-21 2006-03-02 International Business Machines Corporation Method and system for enabling federated user lifecycle management
US20060101510A1 (en) * 2001-04-19 2006-05-11 Microsoft Corporation Negotiating secure connections through a proxy server
US20060195893A1 (en) * 2003-06-26 2006-08-31 Caceres Luis B Apparatus and method for a single sign-on authentication through a non-trusted access network
US7113994B1 (en) * 2000-01-24 2006-09-26 Microsoft Corporation System and method of proxy authentication in a secured network
US20060230438A1 (en) * 2005-04-06 2006-10-12 Ericom Software Ltd. Single sign-on to remote server sessions using the credentials of the local client
US20060265740A1 (en) * 2005-03-20 2006-11-23 Clark John F Method and system for providing user access to a secure application
US20060282662A1 (en) * 2005-06-13 2006-12-14 Iamsecureonline, Inc. Proxy authentication network
US7194547B2 (en) * 2001-04-07 2007-03-20 Secure Data In Motion, Inc. Federated authentication service
US20070118513A1 (en) * 2005-11-14 2007-05-24 Hideaki Iwasaki System for managing community provided in information processing system, and method thereof
US7353383B2 (en) * 2002-03-18 2008-04-01 Jpmorgan Chase Bank, N.A. System and method for single session sign-on with cryptography
US20080163337A1 (en) * 2004-09-02 2008-07-03 Jonnathan Roshan Tuliani Data Certification Methods and Apparatus
US7540022B2 (en) * 2005-06-30 2009-05-26 Nokia Corporation Using one-time passwords with single sign-on authentication
US7565554B2 (en) * 2001-07-09 2009-07-21 Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno Method and system for a service process to provide a service to a client
US7793342B1 (en) * 2002-10-15 2010-09-07 Novell, Inc. Single sign-on with basic authentication for a transparent proxy

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3505058B2 (en) * 1997-03-28 2004-03-08 株式会社日立製作所 Network system security management method
AU8097501A (en) * 2000-08-04 2002-02-18 Computer Ass Think Inc Systems and methods for authenticating a user to a web server
JP2002334056A (en) * 2001-05-08 2002-11-22 Infocom Corp System and method for executing log-in in behalf of user
JP2004151863A (en) * 2002-10-29 2004-05-27 Sony Corp Automatic log-in system, automatic log-in method, automatic log-in program, and storage medium
JP4615247B2 (en) * 2004-05-07 2011-01-19 株式会社日立製作所 Computer system
JP2006120130A (en) * 2004-09-21 2006-05-11 Software Partner:Kk System and method for managing access log

Patent Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6263432B1 (en) * 1997-10-06 2001-07-17 Ncr Corporation Electronic ticketing, authentication and/or authorization security system for internet applications
US6298383B1 (en) * 1999-01-04 2001-10-02 Cisco Technology, Inc. Integration of authentication authorization and accounting service and proxy service
US7113994B1 (en) * 2000-01-24 2006-09-26 Microsoft Corporation System and method of proxy authentication in a secured network
US7194547B2 (en) * 2001-04-07 2007-03-20 Secure Data In Motion, Inc. Federated authentication service
US20060101510A1 (en) * 2001-04-19 2006-05-11 Microsoft Corporation Negotiating secure connections through a proxy server
US7565554B2 (en) * 2001-07-09 2009-07-21 Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno Method and system for a service process to provide a service to a client
US7353383B2 (en) * 2002-03-18 2008-04-01 Jpmorgan Chase Bank, N.A. System and method for single session sign-on with cryptography
US7793342B1 (en) * 2002-10-15 2010-09-07 Novell, Inc. Single sign-on with basic authentication for a transparent proxy
US20040128546A1 (en) * 2002-12-31 2004-07-01 International Business Machines Corporation Method and system for attribute exchange in a heterogeneous federated environment
US20060005237A1 (en) * 2003-01-30 2006-01-05 Hiroshi Kobata Securing computer network communication using a proxy server
US20060195893A1 (en) * 2003-06-26 2006-08-31 Caceres Luis B Apparatus and method for a single sign-on authentication through a non-trusted access network
US20050021956A1 (en) * 2003-07-01 2005-01-27 International Business Machines Corporation Method and system for a single-sign-on operation providing grid access and network access
US20050251855A1 (en) * 2004-05-04 2005-11-10 Hob Gmbh & Co. Kg Client-server-communication system
US20060048216A1 (en) * 2004-07-21 2006-03-02 International Business Machines Corporation Method and system for enabling federated user lifecycle management
US20080163337A1 (en) * 2004-09-02 2008-07-03 Jonnathan Roshan Tuliani Data Certification Methods and Apparatus
US20060265740A1 (en) * 2005-03-20 2006-11-23 Clark John F Method and system for providing user access to a secure application
US20060230438A1 (en) * 2005-04-06 2006-10-12 Ericom Software Ltd. Single sign-on to remote server sessions using the credentials of the local client
US20060282662A1 (en) * 2005-06-13 2006-12-14 Iamsecureonline, Inc. Proxy authentication network
US7540022B2 (en) * 2005-06-30 2009-05-26 Nokia Corporation Using one-time passwords with single sign-on authentication
US20070118513A1 (en) * 2005-11-14 2007-05-24 Hideaki Iwasaki System for managing community provided in information processing system, and method thereof

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8424058B2 (en) * 2006-12-07 2013-04-16 Sap Ag Security proxying for end-user applications
US20080141141A1 (en) * 2006-12-07 2008-06-12 Moore Dennis B Widget runtime engine for enterprise widgets
US20080141153A1 (en) * 2006-12-07 2008-06-12 Frederic Samson Cooperating widgets
US20080141341A1 (en) * 2006-12-07 2008-06-12 Ilja Vinogradov Security proxying for end-user applications
US8117555B2 (en) 2006-12-07 2012-02-14 Sap Ag Cooperating widgets
US20080215998A1 (en) * 2006-12-07 2008-09-04 Moore Dennis B Widget launcher and briefcase
US20100106777A1 (en) * 2007-01-31 2010-04-29 Nathaniel Cooper System and method for modifying web content via a content transform proxy service
US7647404B2 (en) * 2007-01-31 2010-01-12 Edge Technologies, Inc. Method of authentication processing during a single sign on transaction via a content transform proxy service
US8046495B2 (en) 2007-01-31 2011-10-25 Fgm, Inc. System and method for modifying web content via a content transform proxy service
US20080183902A1 (en) * 2007-01-31 2008-07-31 Nathaniel Cooper Content transform proxy
US20110207433A1 (en) * 2010-02-24 2011-08-25 Fujifilm Corporation Web server constituting single sign-on system, method of controlling operation of same, and recording medium storing program for controlling operation of same
US8369835B2 (en) * 2010-02-24 2013-02-05 Fujifilm Corporation Web server constituting single sign-on system, method of controlling operation of same, and recording medium storing program for controlling operation of same
CN102469075A (en) * 2010-11-09 2012-05-23 中科正阳信息安全技术有限公司 Integration authentication method based on WEB single sign on
JP2014511511A (en) * 2010-11-22 2014-05-15 マイクロソフト コーポレーション Backend constraint delegation model
US20150319133A1 (en) * 2012-09-24 2015-11-05 Kt Corporation Method and device for managing identifier of euicc
US9734254B2 (en) * 2015-01-13 2017-08-15 Bank Of America Corporation Method and apparatus for automatic completion of an entry into an input field

Also Published As

Publication number Publication date
JP4882546B2 (en) 2012-02-22
CN101098231B (en) 2014-05-28
JP2008009607A (en) 2008-01-17
CN101098231A (en) 2008-01-02
US8176538B2 (en) 2012-05-08

Similar Documents

Publication Publication Date Title
US8176538B2 (en) Information processing system, recording medium storing control program, and computer data signal embodied in a carrier wave
US11797636B2 (en) Intermediary server for providing secure access to web-based services
US8056125B2 (en) Recording medium storing control program and communication system
US8826411B2 (en) Client-side extensions for use in connection with HTTP proxy policy enforcement
EP1088427B1 (en) System and method for security of code
EP2847686B1 (en) Enhanced document and event mirroring for accessing content
US11468142B1 (en) Managing content uploads
US9596132B1 (en) Virtual sandboxing for supplemental content
EP2611102B1 (en) Providing a web application with measures against vulnerabilities
CN113079164B (en) Remote control method and device for bastion machine resources, storage medium and terminal equipment
US20070180523A1 (en) Method and system for tracking usage of on-line content
US20090083442A1 (en) Tracking Identifier Synchronization
CN103220344A (en) Method and system for using microblog authorization
CN111737687B (en) Access control method, system, electronic equipment and medium of webpage application system
US11356433B2 (en) System and method for detecting unauthorized activity at an electronic device
US20090228549A1 (en) Method of tracking usage of client computer and system for same
US20060047662A1 (en) Capability support for web transactions
US7519694B1 (en) Method and a system to dynamically update/reload agent configuration data
US20200302037A1 (en) Client server system
CN112836186A (en) Page control method and device
US8214499B2 (en) System and method for enabling software applications as a service in a non-intrusive manner
CN114244607A (en) Single sign-on method, system, device, medium, and program
CN113158107A (en) Method and device for accessing notification bar message, electronic equipment and storage medium
CN114745316A (en) Routing method, apparatus, device, medium and program product
Flinn Security and Privacy

Legal Events

Date Code Title Description
AS Assignment

Owner name: FUJI XEROX CO., LTD., JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KIGO, KENICHIRO;NAKATSUYAMA, HISACHI;REEL/FRAME:018633/0990

Effective date: 20061114

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20200508